Task-Level Screenshot Walkthroughs

This page gives short click-path walkthroughs for common tasks. Screenshots are provided at the page level and should match the documentation site the user is viewing.

1. Create and Monitor an Assessment

Click path:

1. Open Assessments.
2. Select Create or the equivalent new assessment action.
3. Enter title, scope, framework, owner, start date, and due date.
4. Assign controls or requirements to the correct owners.
5. Add evidence instructions.
6. Launch or save the assessment.
7. Monitor progress from the assessment list.
8. Open overdue or pending review assessments for follow-up.

Quality check:

• every control has an owner
• due date is realistic
• evidence expectation is clear
• reviewer is available

2. Submit or Review Evidence

Click path:

1. Open the assessment.
2. Open the control or requirement.
3. Review the response, explanation, and attached evidence.
4. Accept the response if evidence supports it.
5. Request changes if evidence is outdated, unclear, or unrelated.
6. Document the review decision.

Quality check:

• evidence matches the review period
• evidence supports the status selected
• sensitive information is not unnecessary

3. Create or Review a Critical Risk

Click path:

1. Open Risk Register.
2. Filter by high or critical residual rating.
3. Open the risk.
4. Review owner, inherent score, residual score, treatment, and review date.
5. Confirm linked controls, issues, assets, or vendors.
6. Update treatment progress or create follow-up action.
7. Escalate if the risk exceeds appetite or has overdue treatment.

Quality check:

• residual score is supported by treatment evidence
• acceptance has justification
• review date is not overdue

4. Publish a Policy and Track Acknowledgement

Click path:

1. Open Policies.
2. Create or open the draft policy.
3. Confirm owner, version, audience, effective date, and review date.
4. Attach or confirm the approved policy document.
5. Submit for approval.
6. Publish after approval.
7. Monitor acknowledgements.
8. Follow up overdue acknowledgements by audience or department.

Quality check:

• audience is correct before publication
• policy has review date
• acknowledgement requirement is clear

5. Onboard a Vendor

Click path:

1. Open Vendors.
2. Create the vendor record.
3. Enter vendor name, service description, owner, criticality, and status.
4. Start or attach vendor assessment when required.
5. Record risk rating and review date.
6. Link risks, issues, or evidence where needed.
7. Review high-risk vendors regularly.

Quality check:

• owner is assigned
• criticality is not blank
• risk rating has assessment support
• review date is set

6. Prepare an Audit Evidence Pack

Click path:

1. Open Audit.
2. Select the audit or finding.
3. Review scope, owner, due date, severity, and status.
4. Open linked assessments, controls, policies, risks, issues, and evidence.
5. Confirm evidence is current and relevant.
6. Export the needed report or evidence list.
7. Track open findings until remediation evidence is submitted, auditor verification is complete, and any linked assessment control is reassessed.

Quality check:

• evidence supports the audit period
• open findings have owners and due dates
• closure decisions are documented

7. Build a Management Report Pack

Click path:

1. Open Dashboard and review current alerts.
2. Open Reports or KPIs.
3. Select the required report.
4. Apply period, framework, owner, status, or department filters.
5. Validate numbers against source records.
6. Export the report.
7. Add management commentary for decisions, blockers, and escalations.

Quality check:

• filters match the meeting scope
• source records are reviewed
• KPI breaches are explained
• decisions required are clearly listed